60-Day Agency Response

To address the California State Auditor's recommendation that it ensure that any certifications it submits to the California Department of Technology (CalTech) accurately represent its information security environment, the California Public Utilities Commission (CPUC) has created a new policy that modifies its existing internal certification process. The new policy requires all certification documentation submitted to CalTech to be reviewed by a CPUC internal committee consisting of the manager of the Information Technology Unit, the Information Security Officer, and the Chief Information Officer. After the initial review and approval by the committee, the certification documentation will be sent to the Executive Director or designee for final sign-off.